Title: Monitor and detect suspicious transactions with database forensics and Dempster-Shafer theory of evidence

Authors: Harmeet Kaur Khanuja; Dattatraya Adane

Addresses: Department of Computer Engineering, MMCOE, Pune, India; Department of Information Technology, SRCOEM, Nagpur, India

Abstract: Digital investigators have now turned to databases for investigating cyber crimes. Illegal financial transactions on the web which go undetected can now be revealed through database forensics. In response to this, we have proposed a methodology to detect illegal financial transactions through database audit logs. The aim here is to monitor the database, detect suspicious transactions and report the risk level of these transactions. Different databases are monitored to extract SQL transactions through their respective audit logs. The SQL transactions obtained are transformed and loaded into a standard XML format which contains the financial records along with their metadata. Initially, we process the financial transaction records with a rule-based outlier detection algorithm and classify the transactions as per RBI rules. The suspected transactions obtained as outliers are marked with initial belief values. To verify the uncertainty of the suspected transactions we apply the Dempster-Shafer theory of evidence, which combines the various pieces of evidence about suspected transactions obtained through the audit logs. The experiments performed manifest the risk level of the suspected transactions.
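The pipeline the abstract describes, rule-based outlier flagging followed by Dempster-Shafer combination of the evidence for each transaction, is illustrated below as an added example; it is not code from the paper. The rules, thresholds, mass values, risk bands and transaction records are all constructed here for illustration and do not reproduce the paper's RBI-derived rules. Each rule that fires yields a mass function over the frame {S, L} (suspicious, legitimate); masses for the same record are combined with Dempster's rule, and belief and plausibility in S give the risk level.

```python
"""Added example (not the paper's code): rule-based flagging of transaction
records followed by Dempster-Shafer combination of the resulting evidence.
All rules, thresholds, masses and records below are constructed assumptions."""
from itertools import product

S = frozenset({"S"})            # hypothesis: transaction is suspicious
L = frozenset({"L"})            # hypothesis: transaction is legitimate
THETA = frozenset({"S", "L"})   # frame of discernment (mass here = ignorance)

# Constructed thresholds (assumptions for the example, not RBI rules).
HIGH_AMOUNT = 1_000_000
STRUCTURING_LIMIT = 50_000      # cash amounts kept just under this limit
STRUCTURING_COUNT = 3           # ... repeated at least this many times per account
WHITELIST = {"PAYROLL-CO"}      # counterparties treated as evidence of legitimacy

# Constructed records as they might look after extraction from audit logs into
# the flat per-transaction form the abstract describes; "hour" is the audit-log
# timestamp hour of the SQL statement.
RECORDS = [
    {"id": "T1", "account": "ACC-A", "amount": 1_500_000, "mode": "transfer", "hour": 11, "counterparty": "PAYROLL-CO"},
    {"id": "T2", "account": "ACC-B", "amount": 45_000, "mode": "cash", "hour": 10, "counterparty": "SELF"},
    {"id": "T3", "account": "ACC-B", "amount": 48_000, "mode": "cash", "hour": 14, "counterparty": "SELF"},
    {"id": "T4", "account": "ACC-B", "amount": 40_000, "mode": "cash", "hour": 2, "counterparty": "SELF"},
    {"id": "T5", "account": "ACC-C", "amount": 12_000, "mode": "transfer", "hour": 9, "counterparty": "GROCER"},
]


def evidence_for(records):
    """Run each constructed rule; return (record_id, rule_name, mass) per hit.
    A rule's mass puts weight on {S} or {L} and leaves the rest on THETA."""
    by_acct = {}
    for r in records:
        by_acct.setdefault(r["account"], []).append(r)
    hits = []
    for r in records:
        if r["amount"] >= HIGH_AMOUNT:
            hits.append((r["id"], "high_value", {S: 0.6, THETA: 0.4}))
        if r["hour"] < 6 or r["hour"] > 22:          # statement logged outside business hours
            hits.append((r["id"], "off_hours", {S: 0.4, THETA: 0.6}))
        if r["counterparty"] in WHITELIST:
            hits.append((r["id"], "whitelisted", {L: 0.5, THETA: 0.5}))
        small_cash = [x for x in by_acct[r["account"]]
                      if x["mode"] == "cash" and x["amount"] < STRUCTURING_LIMIT]
        if (r["mode"] == "cash" and r["amount"] < STRUCTURING_LIMIT
                and len(small_cash) >= STRUCTURING_COUNT):
            hits.append((r["id"], "structuring", {S: 0.5, THETA: 0.5}))
    return hits


def combine(m1, m2):
    """Dempster's rule of combination: intersect focal sets, discard the
    conflicting (empty) intersections and renormalise by 1 - K."""
    joint, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            joint[inter] = joint.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in joint.items()}


def belief(m, h):
    """Bel(h): total mass on subsets of h."""
    return sum(v for k, v in m.items() if k <= h)


def plausibility(m, h):
    """Pl(h): total mass on sets that intersect h."""
    return sum(v for k, v in m.items() if k & h)


def risk_level(bel):
    """Constructed risk bands on Bel(S)."""
    if bel >= 0.7:
        return "high"
    if bel >= 0.4:
        return "medium"
    return "low"


def assess(records):
    """Combine all evidence per record; return {id: (Bel(S), Pl(S), level)}."""
    masses = {}
    for rid, _rule, m in evidence_for(records):
        masses[rid] = combine(masses[rid], m) if rid in masses else dict(m)
    report = {}
    for r in records:
        m = masses.get(r["id"], {THETA: 1.0})     # no rule fired: total ignorance
        bel = round(belief(m, S), 4)
        pl = round(plausibility(m, S), 4)
        report[r["id"]] = (bel, pl, risk_level(bel))
    return report


if __name__ == "__main__":
    for rid, (bel, pl, level) in assess(RECORDS).items():
        print(f"{rid}: Bel(S)={bel:.4f} Pl(S)={pl:.4f} risk={level}")
```

Two records are worth reading closely. T1 is flagged by the high-value rule but also carries evidence of legitimacy from a whitelisted counterparty; the two sources conflict (K = 0.3), and after renormalisation the belief in S drops to about 0.43 while plausibility stays near 0.71, so the interval expresses genuine uncertainty rather than a single score. T4 is supported by two independent rules that both point at S (structuring and an off-hours audit-log timestamp); with no conflict, Dempster's rule raises Bel(S) to 0.7, above either rule alone, which is the reinforcement effect the abstract relies on when it combines evidence from audit logs.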

Keywords: audit logs; database forensics; Dempster-Shafer theory; DST; money laundering; outliers; suspicious transactions.

DOI: 10.1504/IJESDF.2020.106302

International Journal of Electronic Security and Digital Forensics, 2020 Vol.12 No.2, pp.154 - 173

Received: 08 Feb 2018
Accepted: 14 Jan 2019

Published online: 02 Apr 2020
